Commit Graph

693 Commits

Author SHA1 Message Date
Bob Relyea
2fff7ce02e Update change log for previous checkin 2021-10-04 10:39:52 -07:00
Bob Relyea
8138473262 Rebase to NSS 3.71:
Network Security Services (NSS) 3.71 was released on 30 September 2021.

The HG tag is NSS_3_71_RTM. This version of NSS requires NSPR 4.32 or newer.

NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/>

Changes:
- Bug 1717716 - Set nssckbi version number to 2.52.
- Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
- Bug 1717707 - Add HARICA Client ECC Root CA 2021.
- Bug 1717707 - Add HARICA Client RSA Root CA 2021.
- Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
- Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
- Bug 1728394 - Add TunTrust Root CA certificate to NSS.
-------------------------------------

Network Security Services (NSS) 3.70 was released on 4 September 2021.

The HG tag is NSS_3_70_RTM. This version of NSS requires NSPR 4.32 or newer.

NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/>

Changes:
   - Documentation: release notes for NSS 3.70.
   - Documentation: release notes for NSS 3.69.1.
   - Bug 1726022 - Update test case to verify fix.
   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
   - Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
   - Formatting for lib/util
   - Bug 1681975 - Avoid using a lookup table in nssb64d.
   - Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
   - Bug 1714579 - Change default value of enableHelloDowngradeCheck to true.
   - Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
   - Bug 1726022 - Cache additional PBE entries.
   - Bug 1709750 - Read HPKE vectors from official JSON.
   - Documentation: update for NSS 3.69 release.
2021-10-04 09:20:44 -07:00
Bob Relyea
af791c1ba6 Resolves: rhbz#1986627
Turn on LTO in NSS
2021-08-10 16:28:38 -07:00
Bob Relyea
a9f294d68c NSS 3.69 already has the sqlite patch. 2021-08-10 10:07:04 -07:00
Bob Relyea
8abf80e788 Why is rpm trying to expand stuff in a comment? (sigh) make it happy for now 2021-08-10 09:28:22 -07:00
Bob Relyea
3b8e99f54d update actual release verison for nss as well as nspr (sigh) 2021-08-10 09:21:10 -07:00
Bob Relyea
89863272ee Rebase to nss 3.69 and nspr 4.32 2021-08-10 08:50:20 -07:00
Bob Relyea
4a9ae95d97 Update nss.spec to handle scripts line rpmdev_bumpspec 2021-07-28 14:11:18 -07:00
Bob Relyea
ff3ede0b35 Mass rebuild messed up nss/nspr versioning, straighten that out now.
https://bugzilla.redhat.com/show_bug.cgi?id=1986522
2021-07-27 15:05:31 -07:00
Fedora Release Engineering
8a77a14ab9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 16:21:16 +00:00
Bob Relyea
b982271bc3 Rebase to NSS 3.67 for Firefox 91 2021-06-17 15:11:36 -07:00
Bob Relyea
5caf7e1665 Fix man page bug in the no-dbm man page patch 2021-05-29 10:35:12 -07:00
Bob Relyea
f760740a2b Bump NSPR build number 2021-05-28 10:24:33 -07:00
Bob Relyea
0bf3c58252 Update to NSS 3.65
- also handle man page update from NSS 3.66
  - disable ppcle hw support until it passes NSS tests
2021-05-27 18:15:48 -07:00
Bob Relyea
9ff440494f - Update to 3.63
- Update to NSPR 2.30
- Remove old dbm files and man pages
2021-03-23 22:33:58 -07:00
Bob Relyea
0b58cf9e56 Update NSPR release number to avoid conflicts 2021-02-25 10:40:22 +01:00
Bob Relyea
535c4fae51 Rebase to nss 3.62.0 2021-02-23 14:19:08 -08:00
Kalev Lember
0b3033dcf4 Rebuild to fix broken nspr dependencies
Problem: conflicting requests
- nothing provides nspr(x86-64) = 4.29.0-11.fc34 needed by nspr-devel-4.29.0-11.fc34.1.x86_64
2021-02-01 19:26:35 +01:00
Fedora Release Engineering
a580405acc - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 21:43:22 +00:00
Bob Relyea
37aceda53b update nspr release number 2021-01-22 22:55:57 +00:00
Bob Relyea
2a6b0539cc Update requires so that we get the correct crypto policies
(or all RSA and ECDSA signatures wil fail)
2021-01-22 18:07:01 +00:00
Bob Relyea
4d0b92b333 Don't remove additional sources from the src file 2021-01-22 00:27:12 +00:00
Bob Relyea
245982b2c4 Thu Jan 21 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-1
Update to NSS 3.60.1
 Drop NODEPEND_FREEBL and LOWHASH
 bug 1919033
2021-01-22 00:10:22 +00:00
Tom Stellard
6f68ada6a7 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-07 06:00:39 +00:00
Bob Relyea
4ecb833a82 - Work around btrfs/sqlite bug
- Disable new policy entries until crypto-polices has been updated
2020-12-12 10:10:46 -08:00
Daiki Ueno
8f25129254 Update to NSS 3.59 2020-12-10 19:12:51 +01:00
Daiki Ueno
a0090873a5 Replace %%{version} references in %%build with %%{nss_version}
Suggested by Dmitry Butskoy in bz#1895447.
2020-11-07 07:13:59 +01:00
Daiki Ueno
b09fff4da1 Add operational workaround for NVR clashes 2020-10-30 12:55:26 +01:00
Daiki Ueno
466a27e84d Use the lockstep release numbering for both nspr and nss
Fixes #1892874
2020-10-30 11:28:28 +01:00
Jeff Law
51aa05789c Disable -Warray-parameter warning for gcc-11 2020-10-29 13:03:57 -06:00
Daiki Ueno
3a93ebecac Whitespace cleanup 2020-10-29 13:11:08 +01:00
Daiki Ueno
ef0e3207fd Consolidate NSPR with this package
NSPR is no longer used outside of NSS, it makes little sense to keep
it as a separate source package, but costs the packaging burden as NSS
requires a buildroot override.
2020-10-28 15:23:41 +01:00
Bob Relyea
e698f2504c Resolves: rhbz#1861495
Don't fail OCSP validations for intermediate certs if the root certs
are signed by sha1 and sha1 is disabled.
2020-10-26 16:59:30 -07:00
Daiki Ueno
0d4d4780af Revert the last change, tolerate the first CCS in TLS 1.3 2020-10-26 06:55:42 +01:00
Daiki Ueno
0d673b36cc Enable TLS 1.3 middlebox compatibility mode by default 2020-10-22 17:06:28 +02:00
Daiki Ueno
f73f7ce1e4 Install pk11hpke.h 2020-10-20 11:12:33 +02:00
Daiki Ueno
e5fecd4da4 Update to NSS 3.58 2020-10-20 09:31:29 +02:00
Daiki Ueno
8b34570da2 Remove upstreamed patch 2020-09-20 16:01:57 +02:00
Daiki Ueno
6b70690de5 Update to NSS 3.57 2020-09-19 09:13:11 +02:00
Daiki Ueno
a73f735839 Update the AArch64 patch 2020-09-05 11:08:21 +02:00
Daiki Ueno
2bb137e19d Fix AArch64 build failure 2020-09-05 10:46:10 +02:00
Daiki Ueno
c77e79a71e Update to NSS 3.56 2020-08-24 08:48:58 +02:00
Daiki Ueno
614e62c67d Fix DBM backend disablement
Also add scriptlet to migrate old DBM databases.
2020-08-15 13:40:04 +02:00
Jeff Law
d4e86043ee Disable LTO for now 2020-08-08 13:15:55 -06:00
Daiki Ueno
661472da51 Remove unused patch 2020-08-02 07:40:16 +02:00
Daiki Ueno
08dea7d5c7 Update to NSS 3.55
Also disable DBM support as per:
https://fedoraproject.org/wiki/Changes/NSSDBMRemoval
2020-08-02 07:36:17 +02:00
Fedora Release Engineering
2d5d6d2cf7 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-08-01 06:34:08 +00:00
Fedora Release Engineering
d81f1e4f76 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 11:55:03 +00:00
Daiki Ueno
c2e2fc0161 Update to NSS 3.54 2020-07-15 11:28:22 +02:00
Daiki Ueno
208c55f1d2 Update after crypto-policies packaging change
Suggested by Tomas Mraz in:
https://bugzilla.redhat.com/show_bug.cgi?id=1848649#c7
2020-06-22 15:21:42 +02:00